The Square Register interface is displayed on an iPad after Jack Dorsey of Square introduced two new products, Square Wallet and Square Register, at a product unveiling at the Square Headquarters on Monday, May 23, 2011 in San Francisco, Calif.

I have glimpsed the future - and it looks a lot like free hot chocolate.

Late last month, I ordered the beverage at Sightglass Coffee in SoMa, grabbed it from the counter and walked out without cracking my wallet.

Nobody chased me down because, when I first approached the cafe, the Card Case app on my iPhone detected the store's perimeter and automatically switched on. It broadcast my picture to the barista, who could then tap my pre-entered credit card number to cover the bill. The phone never had to leave my pocket.

It felt a lot like buying in the one-click environments of iTunes or Amazon, which is to say it didn't feel like buying at all. Square, the San Francisco startup behind the app, has come close to replicating the frictionless online buying experience in the brick-and-mortar world.

"What we wanted to focus on was removing the mechanics of the transaction and building the relationship between the merchant and customer," said Megan Quinn, director of products at Square, which occupies space at the Chronicle building at Fifth and Mission streets.

But, of course, Square isn't the only company working hard to crack the nut of mobile payments - and they all face considerable challenges.

Google, Visa, MasterCard, VeriFone, eBay's PayPal division and a joint venture among AT&T, Verizon and T-Mobile are attacking the problem in various ways. In most cases, those businesses are going a different direction than Square, employing near field communications (NFC) technology that allows people to tap their phone near a terminal to make a payment.

Done right, mobile payments can accelerate the monetary exchange, while streamlining the issuance, acceptance and storage of receipts, coupons and loyalty cards. Down the road - once consumer and retail use reaches critical mass - the hope is that people will be able to leave their wallets at home altogether.

But there's a chicken and egg paradox: Customers won't start using mobile payments in great numbers until they're accepted in great numbers, and retailers don't have a huge incentive to roll these systems out until customers are clamoring to pay this way.

There are only about 150,000 retailers nationwide that accept payments over MasterCard's NFC-based PayPass readers. Google's Wallet payment app works with this system, and industry rumors suggest the next iPhone might as well.

Square, which has so far focused on small merchants, has about 20,000 that accept Card Case.

Another big challenge is human inertia. To get people to download apps, key in credit card numbers and transform a habit they're very comfortable with, mobile payments will have to represent more than a little improvement over what they do today.

"You have to offer them a compelling reason to do it," said David Mangini, an IBM executive focused on mobile payments. "At a very, very minimum ... it has to be just as convenient, just as broadly accepted and just as safe."

One of the big knocks on basic NFC payments is that tapping a phone near a reader doesn't represent a whopping improvement over swiping a card. In addition, merchants have little to gain by replacing one expensive payment infrastructure with another, some observers say.

"It doesn't upset the status quo," said Nick Holland, senior analyst at Yankee Group. "It doesn't really change the original business model and it all goes through the same rails."

Receipts, deals

Google argues that its NFC-based Wallet app is a big step forward for a few reasons. A single tap replaces not just the payment, but also the exchange of receipts, coupons and loyalty points.

On top of that, Google believes it's tying together the on- and off-line retail worlds, by allowing consumers to move the deals they spot on the Web into the Wallet app, where they can redeem them in the real world. Google Wallet also advertises nearby deals when users open up the app.

"For the consumer, it's really about tap, pay and save," said Osama Bedier, vice president of payments at Google. "On the merchant side, it's about closing the loop on that advertising."

This is a critical goal for Google, too, as it experiences slowing growth in online advertising - 93 percent of commerce still occurs offline, according to Forrester Research.

For its part, Square steers around the limitations of NFC - as well as the various roadblocks of wireless carriers and credit processing networks - by leveraging the powers of the Internet to process payments. The credit card information is stored online, in Square's secure cloud, not on the device itself.

Square, which started by providing small attachments that allow merchants to swipe credit cards using mobile devices, acts as the merchant of record for its customers. This allows the businesses to quickly start accepting credit cards without going through the usual drawn-out and expensive process of applying for a merchant account. But it also clearly puts more risk onto Square's shoulders.

Square turned on the hands-free feature on its Card Case app, which takes advantage of the so-called geofencing capabilities in the latest version of Apple's mobile software, in an upgrade to the app in November. The feature is only available on Apple devices to date.

In addition, retailers have seen revenue leap as much as 20 percent since integrating the app. It drives traffic by highlighting nearby establishments, and the ease of payment encourages customer loyalty, the company says. Tips also tend to go up.

Is it safe?

But the question that has dogged Square - and indeed hangs over much of the mobile payment space - is security.

Early last year, VeriFone CEO Douglas Bergeron blasted Square - its attention-grabbing young competitor - for what he called serious security flaws. In an online video, he argued that any bad actor could use the Square dongle and an easy-to-create app to skim credit card numbers.

Square CEO Jack Dorsey, also the co-founder of Twitter, defended the company's security practices in a letter. He also highlighted the inherent insecurity of credit cards, noting that any sketchy waiter is equally free to steal your information.

Meanwhile, Quinn argued that Card Case is actually more secure than credit cards because it only works if you're in the location and your face matches the picture that pops up on the merchant's screen.

The radio technology behind NFC has taken some security lumps, too.

Late last month, a security researcher at a Washington, D.C., conference used a wireless reader she bought on eBay to highlight some weaknesses of radio frequency identification, Forbes reported. She pulled the critical data from an RFID-enabled credit card through a volunteer's clothing, encoded that data onto a blank card and put it to use onstage.

Holland said that any new form of payment inevitably creates new forms of fraud. The challenge will be to educate consumers and merchants about how to minimize the risks.

"Clearly, having a device always with you and connected is a very inviting target for criminals," he said. "Any safe is only as strong as the key."